Description

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Remediation

References

http://markmail.org/message/j774dp5ro5xmkmg6

Related Vulnerabilities

CVE-2020-8897 Vulnerability in maven package com.amazonaws:aws-encryption-sdk-java

CVE-2018-1000632 Vulnerability in maven package org.jenkins-ci.dom4j:dom4j

CVE-2020-7754 Vulnerability in maven package org.webjars.npm:npm-user-validate

CVE-2020-10758 Vulnerability in maven package org.keycloak:keycloak-wildfly-server-subsystem

CVE-2019-1003063 Vulnerability in maven package org.jenkins-ci.plugins:snsnotify

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Third Party Advisory